Defense Trade Application System 



Exhibit 300: Part I : Summary Information and Justification (All Capital Assets) 



I .A. Overview 



1. Date of Submission: 


2/2/2007 


2. Agency: 


Department of State 


3. Bureau: 


Bureau of Political-Military Affairs 


4. Name of this Capital Asset: 


Defense Trade Application bystem 


5. Unique Project (Investment) Identifier: (For IT investment only, 
see section 53. For all other, use agency 1 D system.) 


014-00-01-05-01-1398-00 


6. What kind of investment will this be in FY2008? (Please NOTE: 
1 nvestments moving to O&M ONLY in FY2008, with 
Planning/ Acquisition activities prior to FY2008 should not select 
O&M. These investments should indicate their current status.) 


Mixed Life Cycle 


7. What was the first budget year this investment was submitted to 
OMB? 


FY2003 


8. Provide a brief summary and justification for this investment, including a brief description of how this closes in part or in whole an 
identified agency performance gap: 


The purpose of this section is to present the summary and justification of the Defense Trade Application System (DTAS) Business Case for the Department of State (DoS) Fiscal 
Year FY) 2008 budget submission. DTAS is a working web- based export license application system critical to national security. DTAS is composed of three major subsystems. D- 
Trade, the most visible DTAS sub-system was formally rolled out by then Secretary of State Collin Powell, February 18, 2004. After a year and a half of operation D-Trade has 
shown itself to be a paperless, user-friendly and security- sensitive defense technology export licensing system. D-Trade is important because it's one of many integrated parts 
within the U.S. national security system that controls the export of defense items and technologies. D-Trade is also part of the president's management agenda, which aims to 
advance effective government through e-government. The second component of DTAS is T-RECS, the Trade Registration, Enforcement and Compliance System (T-RECS). T- 
RECS provides for e-Gov services with electronic referral of applications for DHS, DOJ , etc. T-RECS is designed around Federal Enterprise Architecture (FEA) application of MS. Net 
technology. The T-RECS version 2 is being deployed as a Proof of Concept for user review, testing and component database interface evaluations in September 2005. The third 
component of DTAS is DTAR, the Defense Trade Archive Repository. DTAR is a working subsystem that implements electronic storage of applications for the DTAS data 
management requirements. It leverages existing expertise in the PM and VC Bureaus to operate high speed scanners, R/Ware and KM systems for identifiable cost savings. It is 
NARA approved and delivers long-term unit cost reductions to DDTC that will restrain the growth rate for operating costs. In total, these component of DTAS support our critical 
efforts to control international traffic in arms as required by the International Traffic in Arms control Regulations (ITAR) 22 CFR 120-130. The new DTAS subsystems and 
processes do not simply speed up old processes. They represent changes the ways in which we document, review, managed, and approved defense trade and technology 
distributions that improve the overall security of the United States and its allies. 


9. Did the Agency's Executive/ 1 nvestment Committee approve this 
request? 


Yes 


a. 1 f "yes," what was the date of this approval? 


8/4/2006 


10. Did the Project Manager review this Exhibit? 


Yes 


12. Has the agency developed and/ or promoted cost effective, energy 
efficient and environmentally sustainable techniques or practices for 
this project. 


No 


a. Will this investment include electronic assets (including 
computers)? 


Yes 
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b. 1 s this investment for new construction or major retrofit of a 

BF 

Federal building or facility? (answer applicable to non-1 T assets only) 


No 


1. If "yes," is an ESPC or UESC being used to help fund this 
investment? 




2. If "yes," will this investment meet sustainable design 
principles? 


3. If yes/ is it designed to be 30% more energy efficient than 
relevant code? 




13. Does this investment support one of the PMA initiatives? 


Yes 


If yes, check all that apply* 


Human Capital, Expanded E-Government 


13a. Briefly describe how this asset directly supports the identified 
initiative(s)? 


Expanded Electronic Government: - DTAS: Shares information more quickly and 
conveniently among the federal agencies and by collaborating more readily with our 
allies - foreign governments by providing a web based electronic interface between 
government agencies participating in tne aerense traae application analysis area, u i ad 
uses electronic submissions, on-line license officer reviews, electronic referral and 
returned positions to service the massive license application increases. 


14. Does this investment support a program assessed using the 
Program Assessment Rating Tool (PART)? (For more information 
about the PART, visit www.whitehouse.gov/ omb/ part.) 


No 


a. If "yes," does this investment address a weakness found during 
the PART review? 


No 


b. If "yes," what is the name of the PART program assessed by 
OMB's Program Assessment Rating Tool? 




c. If "yes," what PART rating did it receive? 


15. Is this investment for information technology? 


Yes 


If the answer to Question: "Is this investment for information technology?" was "Yes," complete this sub-section. If the answer is "No," do 
not answer this sub-section. 


For information technology investments only: 




16. What is the level of the IT Project? (per CIO Council PM Guidance) 


Level 2 


17. What project management qualifications does the Project 
Manager have? (per CIO Council PM Guidance): 


(1) Project manager has been validated as qualified for this investment 


18. Is this investment identified as "high risk" on the Q4 - FY 2006 
agency high risk report (per OMB's "high risk" memo)? 


No 
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No 


a. If "yes," does this investment address a FFMI A compliance area? 


No 


1. If "yes," which compliance area: 




2. If "no," what does it address? 


b. If "yes," please identify the system name(s) and system acronym(s) as reported in the most recent financial systems inventory update 
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20. What is the percentage breakout for the total FY2008 funding request for the following? (This should total 100% ) 


Hardware 


8 


Software 


7 


Services 


85 


Other 


0 


21. If this project produces information dissemination products for 
the public, are these products published to the 1 nternet in 
conformance with OMB Memorandum 05-04 and included in your 
agency inventory, schedules and priorities? 


No 


23. Are the records produced by this investment appropriately 
scheduled with the National Archives and Records Administration's 
approval? 


Yes 



I.D. Performance Information 



I n order to successfully address this area of the exhibit 300, performance goals must be provided for the agency and be linked to the annual 
performance plan. The investment must discuss the agency's mission and strategic goals, and performance measures must be provided. 
These goals need to map to the gap in the agency's strategic goals and objectives this investment is designed to fill. They are the internal and 
external performance benefits this investment is expected to deliver to the agency (e.g., improve efficiency by 60 percent, increase citizen 
participation by 300 percent a year to achieve an overall citizen participation rate of 75 percent by FY 2xxx, etc.). The goals must be clearly 
measurable investment outcomes, and if applicable, investment outputs. They do not include the completion date of the module, milestones, 
or investment, or general goals, such as, significant, better, improved that do not have a quantitative or qualitative measure. 

Agencies must use Table 1 below for reporting performance goals and measures for all non-1 T investments and for existing IT investments 
that were initiated prior to FY 2005. The table can be extended to include measures for years beyond FY 2006. 



Performance I nformation Table 1: 



i 



Fiscal 
Year 


Strategic Goal(s) Supported 


Performance Measure 


Actual/ baseline (from 
Previous Year) 


Planned Performance Metric 
(Target) 


Performance Metric Results 
| (Actual) 


2004 


Performance Goal #3 under 
Strategic Goal 4 - Weapons of 
Mass Destruction - Verification, . 
. . implementation . . . , and 
rigorous enforcement of 
compliance . . . 


Increase percentage of DSP- 5 
license requests handled 
electronically to 10% 


1% of DSP- 5 license requests 
processed electronically 


Make a comparison of DSP-5 
licenses processed in FY-2002 
and FY-2003 and licenses 
processed in FY-2004 


This represented 100% increase 
in D-Trade usage over the pilot 
processing that occurred in 
2003 (First partial year of 
operation). 


2004 


Performance Goal #2 under 
Strategic Goal 12 - Management 
and Organizational Excellence - 
Modernized, secure, high quality 


Reduce median processing time 
for electronic licenses by 8 days 
to 43 days 


51 day median processing time 
for a referred license 


Review records to compare 
processing times from FY-2002 
and FY-2003 to FY-2004 


This represents a 46% 
improvement in the license 
process time 
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IT management and 
infrastructure . . . 










2004 


Performance Goal #2 under 
Strategic Goal 12 - Management 
ana urganizationai excellence - 
Modernized, secure, high quality 
IT management and 
infrastructure . . . 


Obtain median processing time 
of 5 days for electronic licenses 


|8 day median processing time 
for a non- referred license 


iReview processing records for 
FY-2004 to confirm processing 

4- ■ f**! 1 ^ ^**a L**fc «K La, ^k ^k uk ua , — , > — J a a > — ■ > — v y — J ■ uk 

time nas oeen reduced in 
comparison to FY-2002 and FY- 
2003. 


[This represents a 37% 
improvement in the license 

UK ua r — ^ , — v / / a uk . J— a uauK ^k 

processing time. 


2005 


Performance Goal #3 under 
Strategic Goal 4 - Weapons of 
Mass Destruction - veriiication, . 
. . implementation . . . , and 
rigorous enforcement of 
compliance . . . 


Increase percentage of license 
requests handled electronically 

¥r\ A 0/ 

tO z47o 


As of September 2004 we are 
processing 6% of the licenses 
applications electronically 


Percentage of licenses handled 
electronically 


700 + DSP-5s processed for 
each month - J une and J uly of 

ZUUd. 


2005 


Performance Goal #2 under 
Strategic Goal 12 - Management 
and urganizationai excellence - 
Modernized, secure, high quality 
IT management and 
infrastructure . . . 


llmprove processing response 
time to 24 days 


As of September 2004, 
processing time for an 

A 1 A *K ua «K uk a ^aa «K 1 1 • • ua ^k ^k ua ua > — -J 1 a > — i v — ■ — * , — v — * 

electronically reterred license 
was reduced to 28 days 


Median processing time for a 
referred electronic licenses 


This represents a 21% 
improvement in processing 
time. 


2005 


Performance Goal #2 under 
Strategic Goal 12 - Management 

"Hi f \ ua «Ka sa*. • aaa— • ^K uk a>K 1 1 « / t — 1 i—i 1 1 i—i 1— \ t— i—i 

and organizational excellence - 
Modernized, secure, high quality 
IT management and 
infrastructure . . . 


Obtain median processing time 
of 4 days for electronic licenses 


As of September 2004 the 
median processing time for 

1 a" 1 *. 4~* "* UK a ^a. uk ^K UK ua ^a.-*- *a. ua ua , — , / — J 1 a > — ■ ^ — ^ uk / - — ^ 

electronic non-reterred license 
has been reduced to 5 days. 


Median processing time for 
electronic licenses 


The monthly median days 
processing times show great 
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variances wnen tne days are 
measured on small numbers. 


2005 


Performance Goal #3 under 
Strategic Goal 4 - Weapons of 
Mass Destruction - ventication, . 
. . implementation . . . , and 
rigorous enforcement of 
compliance . . . 


[Handle 25 % of DSP-5 special 
handling cases via D-Trade 


lDSP-5 special handling cases 
are not currently processed 
electronically via d- i raoe 


Percentage of case 
categorized/ requiring special 
nanoiing 




2005 


Performance Goal #2 under 
Strategic Goal 12 - Management 
and urganizationai excellence - 
Modernized, secure, high quality 
IT management and 
infrastructure . . . 


License officers will sign 10% of 
DSP-5 cases electronically 


No DSP-5 cases are currently 
signed electronically by license 

f-\ f f | *-a -<K ua . 

omcers 


Cases signed to cases signed 
electronically - percentage 


Data show as many as 400 DSP- 
5 licenses per month are now 
signed electronically, inis is 
approximately 10% of total 
DSP-5 cases. 


2005 


Performance Goal #2 under 
Strategic Goal 12 - Management 

anrl Ornani7afinnal Fvrpllpnrp - 

Ql l\A V— ' 1 Uul 1 1 Z_ C4 L 1 W 1 1 CI 1 LALCIICI 1 V_v_ 

Modernized, secure, high quality 
IT management and 
infrastructure . . . 


|l ncrease to 20% - . 5% of DSP- 
5 Cases are referred to bureaus 

anrl anpnripQ plprfrnniralk/ 

Ql IU uycllLICj LI KJl 1 1 V_a 1 1 y 


.5% of DSP-5 Cases are referred 
to bureaus and agencies 

plprfrnnirallv 

ci cv. Li \ji iiv_aiiy 


Cases referred to bureaus and 
agencies electronically - 

nprrpnfanp 


["Complete data are not yet 
available for the 2005 fiscal 

yea i . 



All new IT investments initiated for FY 2005 and beyond must use Table 2 and are required to use the Federal Enterprise Architecture (FEA) 
Performance Reference Model (PRM). Please use Table 2 and the PRM to identify the performance information pertaining to this major IT 
investment. Map all Measurement Indicators to the corresponding "Measurement Area" and "Measurement Grouping" identified in the PRM. 
There should be at least one Measurement I ndicator for at least four different Measurement Areas (for each fiscal year). The PRM is available 
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at www.egov.gov. 



Performance I nformation Table 2: 



i 



Fiscal 
Year 


Measurement 
Area 


1 Measurement 
Category 


1 Measurement 
Grouping 


Measurement 
1 ndicator 


Baseline 


Planned 
1 mprovement to the 
Baseline 


Actual Results 


2005 


r— ————— — —————— ———— 

Customer 
Results 


Timeliness and 
Responsiveness 


r— ————— —————— ————— — 

Response Time 


i 

Median number of 

days required to 

process staffed D- 

Trade license 

applications for 

referred cases 

using u- \ rade. 


r— ————— ————— ——— ————— ————~ 

30 days median 
processing time for D- 
Trade cases for 2004 


r——————————————————————— 

Decrease processing 
time for by 1 day per 
quarter for FY 2005 


i 

End of 3rd qtr 2005 - shows median D-Trade referred 

cases are now taking 25 days to process. 


12005 


Mission and 

Business 

Results 


Information and 

Technology 

Management 


IT 

1 nfrastructure 
Maintenance 


[Percent (%) of all 
referred and non- 
referred license 
applications 
Processed using 
D-Trade 


1.2 % - FY 2004 


1 n crease by 1% per 
quarter for FY 2005 


Number of cases processed has increased steadily in 
each quarter in FY 2005. Seven (7 %) of cases were 
being processed using D-Trade by the end of the 3rd 
quarter 2005. 


2005 


IProcesses and 
Activities 


[Management 
and Innovation 


Innovation and 
1 mprovement 


% of Approved 
referred and non- 
referred cases 
signed 

electronically 


|0 cases signed in FY 
2004 - no e-signature 
D-Trade system 
module was in 
operation 


1% of DSP- 5 cases to 
be signed 

electronically by 4th 
QTR 2005 


3rd QTR 2005 data - shows 400 cases signed 
electronically. This is approximately .3 % of cases. 


2005 


Technology 


Effectiveness 


IT Contribution 
to Process, 
Customer, or 
Mission 


1 ncreasing % of 
new DDTC 
Registrants Using 
D-Trade to submit 
DSP5s 

electronically 


1% of new registrants 
used D-Trade to 
submit DSP-5s in FY 
2004 


1% increase per 
quarter for FY 2005 


5% of New registrants are using D-Trade to submit 
DSP-5s at the end of 3rd QTR 2005 


2006 


ICustomer 
Results 


Timeliness and 
Responsiveness 


iResponse Time 


Median number of 
days required to 
process staffed D- 
Trade license 
applications for 
referred cases 
using D-Trade. 


|End of FY 05 median 
result [Note: Medians 
times are used per 
GAO report, GAO-01- 
528 that discusses 
how licenses times 
can be significantly 
improved by a few 
emergency case or 
lengthened by a small 
number of difficult 
policy cases. 


(Continue to decrease 
the number of days 
required to process a 
case at a steady rate 
until this reaches a 
median of 20 days per 
case/ per month. 


http: // www. pmddtc. state. gov/ processtime. htm For 
FY 06 - an unstable measure, the high range 
variations (48-24) for staffed cases staffed cases has 
a median processing time = 36 days; far lower times 
for non-staffed cases - median - 13.4 days. 


12006 


Mission and 
Business 

ttcbUILS 


Information and 

Technology 

Management 


1 nformation 
Management 


[Percent (%) of all 
DSP- 5 referred 
ana non-reierrea 
license 
applications 
submitted to 
DDTC using D- 
Trade. 


FY 05 calculated 10% 
of DSP- 5 cases 

y~\ v~ f~\ f r^i c c f^s r\ i irinn 1""^ 

processcQ using u- 
Trade 


Increase the percent 
of the total of DSP- 5 
ana an cases 
submitted for 
processing using D- 
Trade by 1 % per 
quarter 


D-Trade received approximately 60% of DSP- 5 D- 
Trade cases for the 4th quarter of FY 2006. D-Trade 
suDmission increasea relative to tne legacy ana paper 
submission with FY. All DSP 5 submissions are beiing 
received via D-Trade for 2007. 


|2006 


Mission and 


Information and 


|l nformation 


Percent of all 


End of FY 2005 


2 % per FY quarter. 


Results for 4th quarter were up over 3rd quarter of 





business 
Results 


I ecnnoiogy 
Management 


Management 


cases examined 
by DDTC, 
submitted to D- 
Trade. 


results. 

(approximately 5%) 




rYub. u- \ rade submissions (ail) were j4dU or zo% ot 
the total of 12256 submissions for 4th quarter FY06. 


2006 


Processes and 
Activities 


Management 
and Innovation 


Innovation and 
1 mprovement 


% of Approved 
referred and non- 
referred cases 
signed 

electronically 


End of FY 05 result of 

3% 


|FY 06 QTR 1 - 1% of 
cases to be signed 
electronically; QTR 2 - 
2% of DSP-5 cases to 
be signed 

electronically; QTR 3 - 
5% of cases to be 
signed electronically; 
QTR 4 - 8% of cases 
to be signed 
electronically 


D-Trade has delivered excellent results. D-Trade 
submissions (all) are now signed electronically when 
completed and licenses are approved. [4th Qtr. 2006 
- 3460 or 28% of the total of 12256 submissions for 
4th quarter FY06. 


2006 


[Technology 


Effectiveness 


llT Contribution 
to Process, 
customer, or 
Mission 


Number of new 
DDTC Registrants 
using u- \ rade to 
submit DSP5s. 


End of FY 05 result 
(Less than 1%) 


|5 % increase per 
quarter for FY 2006; 
reacning zd % ot an 
new registrants submit 
DSP5s using D-Trade 
by end of FY 2006 


|New registrant's - 180 new DDTC registrants for the 
4th quarter. Only 16 applied for license, and of this 
number - du% used u- irade ratner tnan uetra. 


2007 


Customer 
Results 


Timeliness and 
Responsiveness 


Response Time 


Median number of 
days required to 
process staffed D- 
Trade license 
applications for 
referred cases 
using D-Trade. 


End of FY 06 median 
result [Note: Medians 
times are used per 
GAO report, GAO-01- 
528 that discusses 
how licenses times 
can be significantly 
improved by a few 
emergency case or 
lengthened by a small 
number of difficult 
policy cases. 


1 mprove median 
reported and 
published results. 
Continue to decrease 
the number of days 
required to process a 
case at a steady rate 
until this reaches a 
median or zu days per 
case/ per month. 


During the 1st quarter of FY 07 process 
improvements were made; D-Trade staffed case 
median processing time - 31 days; non-staffed cases 
median processing - 11 days. The average of staffed 
& non-staffed days reached 21 days, (very near 
target) 


2007 


Mission and 

Business 

Results 


Information and 

Technology 

Management 


|l nformation 
Management 


Percent (%) of all 
referred and non- 
referred license 
applications 
Processed 


D-Trade received 
approximately 17% of 
DSP-5 D-Trade cases. 
D-Trade submission 
increased relative to 
the legacy and paper 
submission witn Zdvo 
(854 of 3734) DSP-5 
submissions being 
received via D-Trade. 


1 n crease by 2% per 
quarter for FY 2007 


lExcellent progress -exceeding targets. D-Trade 
received approximately 59% of license applications 
for December 2006. D-Trade submissions - 3870; 
Detra - 2596. 


2007 


Processes and 
Activities 


Management 
and Innovation 


Innovation and 
1 mprovement 


% of Approved 
referred and non- 
referred cases 
signed 

electronically 


End of FY 06 result 


|FY 07 QTR 1 - 10 % of 
cases to be signed 
electronically; QTR 2 - 
12% of DSP-5 cases to 
be signed 

fcrlcLU Ul llLcJIly , ^ 1 r\ j ■ 

15% of cases to be 
signed electronically; 
QTR 4 - 18% of cases 


Progress for FY 2006 greatly exceeded targets in the 
first quarter of 2007. As of Sept 30, 2006 27.8% of 
all DDTC cases were signed electronically; increasing 
to 33% - October, 48% November; 59% of all cases 
signed electronically for Dec. 2006.. 
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to be signed 
electronically 




2007 


[Technology 


Effectiveness 


IT Contribution 
to Process, 
Customer, or 
Mission 


iNumber of new 
DDTC Registrants 
Using D-Trade vs. 
uetra to suomit 
license 
applications. 


End of FY 06 result 


Il0 % increase per 
quarter for FY 2007; 
reaching 65 % of all 
new registrants suomit 
applications using D- 
Trade by end of FY 
2007 


bata new registrant's for the 1st quarter of FY 07 
shows there are 19 new registrants submitting 
applications. Of those 19 submitted applicants for 
licenses, 14 or /dvo used u- 1 rade. (ddvo 
improvement over 2006 data). This now exceeds the 
FY target. 


2008 


Customer 
Results 


Timeliness and 
Responsiveness 


Response Time 


Median number of 
days required to 
process staffed D- 
Trade license 
applications for 
referred cases 
using D-Trade. 


End of FY07 results. 


Continue to decrease 
the number of days 
required to process a 
case at a steady rate 
until this reaches an 
average of 18 days 
per case. [Currently 
estimated to be an 
optimum level given 
tne required 
processing and review 
time w/i other 
agencies.] 




2008 


Mission and 

business 

Results 


Information and 
i ecnnoiogy 
Management 


|l nformation 
Management 


Percent (%) of all 
reterreo ana non- 
referred license 
applications 
Processed 


FY 07 calculated 20% 

/-v-F f""\C n C r~ —\r~ r\r~ 

or ubr-j cases 
processed using D- 
Trade 


|70 % per FY quarter. 




12008 


Processes and 
Activities 


Management 
and Innovation 


Innovation and 
1 mprovement 


% of Approved 
referred and non- 
referred cases 
signed 

electronically 


End of FY 07 result 


FY 06 QTR 1 - 31% of 
cases to be signed 
electronically; QTR 2 - 
52% of DSP-5 cases to 
be signed 

electronically; QTR 3 - 
65% of cases to be 
signed electronically; 
QTR 4 - 75% of cases 
to be signed 
electronically 




2008 


[Technology 


Effectiveness 


llT Contribution 
to Process, 

Pi iQfnmpr nr 

\_U JLUI 1 ICI , (J 1 

Mission 


Number of new 
DDTC Registrants 

1 iQinn D-TraHp fn 

\j _> 1 1 ly \—> i i auc iu 

submit DSP5s 


|End of FY 07 result 


20 % increase per 
quarter for FY 2007; 

rparhinn RS % nf all 

i ca v_ i 1 1 1 i y kj ~j /u \_* 1 an 

new registrants submit 
DSP5s using D-Trade 
by end of FY 2008 





I .E. Security and Privacy 



I n order to successfully address this area of the business case, each question below must be answered at the system/ application level, not at 
a program or agency level. Systems supporting this investment on the planning and operational systems security tables should match the 
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systems on the privacy table below. Systems on the Operational Security Table must be included on your agency Fl SMA system inventory and 
should be easily referenced in the inventory (i.e., should use the same name or identifier). 

All systems supporting and/ or part of this investment should be included in the tables below, inclusive of both agency owned systems and 
contractor systems. For IT investments under development, security and privacy planning must proceed in parallel with the development of 
the system/ s to ensure IT security and privacy requirements and costs are identified and incorporated into the overall lifecycle of the 
system/ s. 

Please respond to the questions below and verify the system owner took the following actions: 

1. Have the IT security costs for the system(s) been identified and integrated into the overall costs of the investment: Yes 
a. If "yes," provide the "Percentage IT Security" for the budget year: 15 

2. I s identifying and assessing security and privacy risks a part of the overall risk management effort for each system supporting Yes 
or part of this investment. 



4. O perational Systems - Security Table: 



Name of System 


Agency/ or Contractor 
Operated System? 


NIST FIPS 199 
Risk 1 mpact 
level 


Has C&A been 
Completed, using NIST 
800-37? 


Date C&A 
Complete 


What standards were used 
for the Security Controls 
tests? 


Date Complete(d): 
Security Control Testing 


Date the 
contingency plan 
tested 


Defense Trade 
Application System 


[Contractor and 
Government 


High 


Yes 


10/31/2006 


FIPS 200 / NIST 800-53 


6/30/2006 


7/31/2006 



5. Have any weaknesses related to any of the systems part of or supporting this investment been identified by the agency or IG? No 
a. If "yes," have those weaknesses been incorporated agency's plan of action and milestone process? Yes 

6. I ndicate whether an increase in IT security funding is requested to remediate IT security weaknesses? No 

a. If "yes," specify the amount, provide a general description of the weakness, and explain how the funding request will remediate the 
weakness. 



7. How are contractor security procedures monitored, verified, validated by the agency for the contractor systems above? 

System Audit Logs and database audit logs are turned on and reviewed periodically. System use metrics are maintained and reviewed at least weekly. Anomalies that are 
discovered in the audit tracking are investigated. Additionally we have had periodic reviews by the 01 G and re mediated the system in accordance with their findings. As noted in 
previous paragraphs access to the system is scrutinized by a rigorous access request process that includes Additions, modifications, and Deletions with aggressive service level 
agreements to ensure employees do not have access to the system after leaving. The system was accredited in October of 03 and we are currently stepping through Certification 
renewal with the Office of Information assurance, with an expected accreditation date of Jan 30, 06 



8. Planning & Operational Systems - Privacy Table: 



Name of System 


1 s this a new 
system? 


1 s there a Privacy 1 mpact 
Assessment (PI A) that covers this 
system? 


Is the PI A available 
to the public? 


1 s a System of Records Notice 
|(SORN) required for this system? 


Was a new or amended SORN published in FY 06? 


Defense Trade 
Application System 


Yes 


Yes. 


Yes. 


Yes 


No, because the existing Privacy Act system of 
records was not substantially revised in FY 06. 
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I .F. Enterprise Architecture (EA) 



I n order to successfully address this area of the business case and capital asset plan you must ensure the investment is included in the 
agency's EA and Capital Planning and I nvestment Control (CPI C) process, and is mapped to and supports the FEA. You must also ensure the 
business case demonstrates the relationship between the investment and the business, performance, data, services, application, and 
technology layers of the agency's EA. 

1. I s this investment included in your agency's target enterprise architecture? Yes 
a. If "no," please explain why? 



2. Is this investment included in the agency's EA Transition Strategy? 

a. If "yes," provide the investment name as identified in the Transition Strategy provided in the agency's most recent annual EA 
Assessment. 

b. If "no," please explain why? 



Yes 

Defense 
Trade 
Application 
System 



3. Service Reference Model (SRM) Table: 

Identify the service components funded by this major IT investment (e.g., knowledge management, content management, customer relationship 
management, etc.). Provide this information in the format of the following table. For detailed guidance regarding components, please refer to 

http:/ / www.whitehouse.gov/ omb/ egov/ . 




Agency 
Component Name 


Agency Component Description 


Service 
Domain 


FEA SRM 
Service Type 


1 FEA SRM 
Component 


FEA Service 
Component 
Reused Name 


FEA Service 
Component 
Reused UPI 


1 nternal 
or 

External 
Reuse? 


BY Funding 
Percentage 


Data Exchange 


Defines the set of capabilities that support 
the interchange of information between 
multiple systems or applications; includes 
verification that transmitted data was 
received and unaltered. 


Back Office 
Services 


Data 

Management 


Data Exchange 






No Reuse 


0 


Extraction and 
Transformation 


Defines the set of capabilities that support 
the manipulation and change of data. 


Back Office 
Services 


Data 

Management 


Extraction and 
Transformation 






No Reuse 


P 


Reporting 


Defines the set of capabilities that support 
the use of pre-conceived or pre-written 
reports. 


Business 

Analytical 

Services 


Reporting 


Standardized / 
Canned 






No Reuse 


0 


Change 

Management (New 
DoS Service) 


Defines the set of capabilities that control 
the process for updates or modifications to 
the existing documents, software or 
business processes of an organization. 


Business 

Management 

Services 


Management of 
Processes 


Change 
Management 






No Reuse 


0 


Configuration 
Management (New 
DoS Service) 


IDefines the set of capabilities that control 
the hardware and software environments, as 
well as documents of an organization. 


business 

Management 

Services 


Management of 
Processes 


Configuration 1 
Management 






No Reuse 


0 


Program / Project 


Defines the set of capabilities that manage 


Business 


Management of Program / 






No Reuse 
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Management (New 
DoS Service) 


and control a particular effort of an 
oraanization. 


Management 
Services 


Processes 


Project 
Manadement 










Requirements 
Management (New 
DoS Service) 


Defines the set of capabilities that gather, 
analyze and fulfill the needs and 
prerequisites of an organization's efforts. 


Business 

Management 

Services 


1 

Management of 
Processes 


Requirements 
Management 






No Reuse 


0 


contact 
Management 


Defines the set of capabilities that provide a 
comprehensive view of all customer 
interactions, including cans, email, 
correspondence and meetings; also provides 
for the maintenance of a customer's 
account, business and personal information. 


customer 
Services 


Customer 

Relationship 

Management 


Contact and 
Profile 

Management 






No Reuse 


P 


1 nformation 
Retrieval 


Defines the set of capabilities that allow 
access to data and information for use by an 
organization and its stakeholders. 


Digital Asset 
Services 


Knowledge 
Management 


1 nformation 
Retrieval 






No Reuse 


0 


Case Management 
(New DoS Service) 


Defines the set of capabilities that manage 
the lifecycle of a particular claim or 
investigation within an organization to 
include creating, routing, tracing, 
assignment and closing of a case as well as 
collaboration amond case handlers. 


Process 

Automation 

Services 


Tracking and 
Workflow 


Case 

Management 






No Reuse 


P 


Process Tracking 

\ IMCVV L-/V_/_J J CI VILC/ 


Defines the set of capabilities that allow the 
monitoring of activities within the business 
cycle. 


Process 

Automation 

Services 


Tracking and 

Workflow 

VV Ul IX 1 1 W vv 


Process Tracking 






No Reuse 


0 


Forms Creation 


Defines the set of capabilities that support 
tne design and generation or electronic or 
physical forms and templates for use within 
the business cycle by an organization and its 
stakeholders. 


Support 


Forms 


Forms Creation 






No Reuse 


p 


(New DoS Service) 


Services 


Management 






Forms Modification 
(New DoS Service) 


1 1 > — \ -J— ■ u-k 4— Ls • ^v4~ y — s 4- > — ■ —i. » - — s L-N ill 4- I ^ — \ i— 4— I—I - — s 4- / — ■ ■ i— , ■— , / — s 4- 

uetines tne set or capaDinties tnat support 
the maintenance of electronic or physical 
forms, templates and their respective 
elements and fields. 


Support 
Services 


Forms 

Management 


Forms 
Modification 






No Reuse 


0 


Access Control 
(New DoS Service) 


Defines the set of capabilities that support 
tne management ot permissions Tor logging 
onto a computer, application, service, or 
network; includes user management and 
role/privilege management. 


Support 
Services 


Security 
Management 


Access Control 






No Reuse 


p 


Digital Signature 
Management (New 
DoS Service) 


use and management or electronic 
signatures to support authentication and 
data integrity; includes public key 
infrastructure (PKI). 


Support 
Services 


Security 
Management 


Digital Signature 
Management 






No Reuse 


0 


I dentiiication and 
Authentication 
(New DoS Service) 


Defines the set of capabilities that support 
oDtaining intormation aoout tnose parties 
attempting to log on to a system or 
application for security purposes and the 
validation of those users. 


Support 
Services 


Security 
Management 


1 j— J . »— « 4— i 4- ■ j— —\ 4— ■ * — > i, — » 

1 dentiiication 
and 

Authentication 






No Reuse 


0 


Data Network 
Services 


Fypti ii"PQ mainfainQ anrl QiinnnrfQ fhp 

devices, facilities and standards that provide 
the computing and networking within and 
between enterprises. 


Support 
Services 


Security 
Management 


NEW 






No Reuse 


0 
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Use existing SRM Components or identify as "NEW". A "NEW" component is one not already identified as a service component in the FEA 
SRM. 

A reused component is one being funded by another investment, but being used by this investment. Rather than answer yes or no, identify 
the reused service component funded by the other investment and identify the other investment using the Unique Project 1 dentifier (UPI ) 
code from the OMB Ex 300 or Ex 53 submission. 

'I nternal 1 reuse is within an agency. For example, one agency within a department is reusing a service component provided by another 
agency within the same department. 'External' reuse is one agency within a department reusing a service component provided by another 
agency in another department. A good example of this is an E-Gov initiative service being reused by multiple organizations across the federal 
government. 

Please provide the percentage of the BY requested funding amount used for each service component listed in the table. If external, provide 
the funding level transferred to another agency to pay for the service. 



4. Technical Reference Model (TRM) Table: 



To demonstrate how this major IT investment aligns with the FEA Technical Reference Model (TRM), please list the Service Areas, Categories, Standards, and 
Service Specifications supporting thi s IT investment. 



rtA bKM component 


rtA I Km bervice Area 


rtA i km bervice 
Category 


rcA trm bervice btandard 


bervice specification (i.e. vendor or product 

name) 


L.ase Management 


L-omponeni rrameworK 


business Logic 


riauorm i naepenuent 


java berviec ybK dd) 


Case Management 


Component Framework 


Business Logic 


Platform Independent 


J avaScript 


Case Management 


Component Framework 


Data Interchange 


Data Exchange 


Electronic Business using XML (ebXML) 


Information Retrieval 


Component Framework 


Data Management 


Database Connectivity 


Java Database Connectivity (JDBC) 


|Case Management 


Component Framework 


(Presentation / 1 nterface 


|Content Rendering 


ICascading Style Sheets (CSS) 


Case Management 


Component Framework 


Presentation / 1 nterface 


Dynamic Server-Side Display 


Java Server Pages (JSP) 


|Case Management 


Component Framework 


Presentation / 1 nterface 


Static Display 


Hyper Text Markup Language (HTML) 


Contact and Profile 
Management 


Component Framework 


Security 


Certificates / Digital Signatures 


Digital Certificate Authentication 


(Contact and Profile 
[Management 


Component Framework 


Security 


Certificates / Digital Signatures 


Secure Sockets Layer (SSL) 


Digital Signature Management 


Service Access and Delivery 


Access Channels 


Other Electronic Channels 


Web Service 


|Forms Creation 


Service Access and Delivery 


(Access Channels 


Web Browser 


1 nternet Explorer 


Access Control 


Service Access and Delivery 


Service Requirements 


Hosting 


Internal (within Agency) 


Forms Creation 


Service Access and Delivery 


Service Requirements 


Legislative / Compliance 


Section 508 


Access Control 


Service Access and Delivery 


Service Requirements 


Legislative / Compliance 


Security 


Data Exchange 


Service Access and Delivery 


|Service Transport 


|Service Transport 


Hyper Text Transfer Protocol Secure (HTTPS) 


Data Exchange 


Service Access and Delivery 


Service Transport 


Service Transport 


Internet Protocol (IP) 


Data Exchange 


Service Access and Delivery 


Service Transport 


|Service Transport 


Transport Control Protocol (TCP) 


Identification and 
Authentication 


Service Access and Delivery 


Service Transport 


Supporting Network Services 


Domain Name System (DNS) 


Identification and 
Authentication 


Service Access and Delivery 


Service Transport 


Supporting Network Services 


Lightweight Directory Access Protocol (LDAP) 
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Information Retrieval 


Service Interface and 
Integration 


1 ntegration 


Middleware 


Database Access: ISQL/w 


Case Management 


Service Interface and 
Integration 


1 nteroperability 


Data Format / Classification 


extensible Markup Language (XML) 


Case Management 


Service Interface and 
Integration 


1 nteroperability 


Data Transformation 


extensible Stylesheet Language Transform (XSLT) 


Data Exchange 


Service Interface and 
Integration 


1 nteroperability 


Data Types / Validation 


XML Schema 


Information Retrieval 


Service Platform and 
Infrastructure 


Database / Storage 


Database 


IsQL Server 










Information Retrieval 


Service Platform and 
Infrastructure 


Database / Storage 


Storage 


Network- Attached Storage (NAS) 


Data Exchange 


Service Platform and 

* V * 1 VI ^ > * ■ 1 ^1 N_ | ^— ' 1 III N-^ 1 1 | N— ^ 

Infrastructure 


Delivery Servers 


Web Servers 


Internet Information Server 


Information Retrieval 


Service Platform and 
Infrastructure 


Hardware / Infrastructure 


1 

Embedded Technology Devices 


Hard Disk Drive 


Case Management 


Service Platform and 

r ^ - I VI > H !■ ■ ■ SSI — 1 ■ III S_^1 ■ 1 ^— ' ' 

Infrastructure 


Hardware / Infrastructure 


Embedded Technology Devices 


Random Access Memory (RAM) 










Data Exchange 


Service Platform and 
Infrastructure 


Hardware / Infrastructure 


Local Area Network (LAN) 


Ethernet 


Contact and Profile 
Management 


Service Platform and 

"■■ 1* *i * I VI ■ 1 N * ■ I ^1 1 | > ' 1 III '1 ■ | N— ^ 

Infrastructure 


Hardware / Infrastructure 


Network Devices / Standards 


1 

jFirewall 


Data Exchange 


Service Platform and 
Infrastructure 


Hardware / Infrastructure 


Network Devices / Standards 


Hub 


Extraction and 
Transformation 


Service Platform and 

*» r - I VI ^ > * ■ 1 <wH *— 1 ^ — ' 1 III Wl 1 ■ 

Infrastructure 


Hardware / Infrastructure 


Peripherals 


1 

jPrinter 








Information Retrieval 


Service Platform and 

* ^ — - ■ VP * — i x h i ■ ^ i ■ ill n— ^ i ■ >— ' i 

Infrastructure 


Hardware / Infrastructure 


Iservers / Computers 


Enterprise Server 


Process Tracking 


Service Platform and 

1* V 0 1 VI ^ > * ■ 1 '1 1 | ^— ' 1 III N-^ 1 1 1 N— ^ 

Infrastructure 


Software Engineering 


Modeling 


1 

Case Management 


Case Management 


Service Platform and 

S - 1 VI v — - ■ ■ S__^1 ' — 1 ^ — ' 1 III 1 ■ N_^l 

Infrastructure 


Software Engineering 


Modeling 


Unified Modeling Language (UML) 


Change Management 


Service Platform and 

r ^ * 1 VI > H !■ 1 ■ SSI — 1 ^ — ^ ■ III ■ I ^— ' ' 

Infrastructure 


Software Engineering 


Software Confiauration 

— r *S | *— ■ W SSI ■ H h ^ f* 1 1 1 1 W V_' 1 ■ ^ — 1 1 J 

Management 


1 

Change Management 


Change Management 


Service Platform and 
Infrastructure 


Software Engineering 


Software Configuration 
Management 


Version Management 


Case Management 


Service Platform and 

^ * V * ■ VI ■ 1 > * ■ I ^1 1 ■ ^ ' ■ III I ■ N— 'I 

Infrastructure 


Software Engineering 


Test Management 


1 

Functional Testing 


Case Management 


Service Platform and 
Infrastructure 


Software Engineering 


Test Management 


Usability Testing (508 Testing) 


Access Control 


Service Platform and 
Infrastructure 


bupport rlattorms 


111 — * >4 — -4— ^ — ^ ■ ^ ■ — l — l I \ — ^ ■ . — . , — ^ ■ — ^ i — J ^ — ^ ■ — ^ I 

Platform Dependent 


I 

Windows zouo 


Case Management 


Service Platform and 
Infrastructure 


Support Platforms 


Platform Independent 


Java 2 Platform Enterprise Edition (J2EE) 



Service Components identified in the previous question should be entered in this column. Please enter multiple rows for FEA SRM 
Components supported by multiple TRM Service Specifications 
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1 n the Service Specification field, Agencies should provide information on the specified technical standard or vendor product mapped to the 
FEA TRM Service Standard, including model or version numbers, as appropriate. 


5. Will the application leverage existing components and/ or 
applications across the Government (i.e., FirstGov, Pay.Gov, etc)? 


Yes 


a. If "yes," please describe. 


DTAS is linked from FirstGov.gov thru Exports.gov. DTAS was one of the first agency PKI systems to board the Quicksilver initiative E-Authentication. DTAS also utilizes Pay.gov 
to support automated electronic registration functions. 


6. Does this investment provide the public with access to a 
government automated information system? 


No 


a. If "yes," does customer access require specific software (e.g., a 
specific web browser version)? 





1. If "yes," provide the specific product name(s) and version 
number(s) of the required software and the date when the public will 
be able to access this investment by any software (i.e. to ensure 
equitable and timely access of government information and services). 



Exhibit 300: Part 1 1 : Planning, Acquisition and Performance I nformation 



1 1 .A. Alternatives Analysis 

Part II should be completed only for investments identified as "Planning" or "Full Acquisition," or "Mixed Life-Cycle" investments in response 
to Question 6 in Part I, Section A above. 

I n selecting the best capital asset, you should identify and consider at least three viable alternatives, in addition to the current baseline, i.e., 
the status quo. Use OMB Circular A- 94 for all investments, and the dinger Cohen Act of 1996 for IT investments, to determine the criteria 
you should use in your Benefit/ Cost Analysis. 

1. Did you conduct an alternatives analysis for this project? Yes 

a. If "yes," provide the date the analysis was completed? 3/1/2001 

b. If "no," what is the anticipated date this analysis will be completed? 

c. If no analysis is planned, please briefly explain why: 

I I .B. Risk Management 

You should have performed a risk assessment during the early planning and initial concept phase of this investment's life-cycle, developed a 
risk-adjusted life-cycle cost estimate and a plan to eliminate, mitigate or manage risk, and be actively managing risk throughout the 
investment's life-cycle. 

1. Does the investment have a Risk Management Plan? Yes 
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a. I f "yes," what is the date of the plan? 1/31/2007 

b. Has the Risk Management Plan been significantly changed since No 
last year's submission to OMB? 

c. If "yes," describe any significant changes: 

Risks included in the plan were examined to determine if any new risks needed to be added. The program is very mature and on schedule & on budget. No new risks have 
materialized. Peformance measures are exceeding estimates and plans. 

2. If there currently is no plan, will a plan be developed? 

a. If "yes," what is the planned completion date? 

b. If "no," what is the strategy for managing the risks? 

3. Briefly describe how investment risks are reflected in the life cycle cost estimate and investment schedule: 

Investment risks are carefully monitored throughout the investment development period. The DTAS system is being built in useful and complete segments (4) that each have 
demonstrable uses and value to minimize the risk of "non-completion" and loss of investment. Portions of all 4 of the segments are now in use and delivering value to the 
government and the numerous industry customers of DDTC. The performance statistics demonstrate the value of this risk management approach very clearly. Approximately 
60% of license applications are now processed and approved using D-Trade. Compliance cases are now all stored and managed from T-RECS. 1/5/2007 
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